A physically unclonable function (PUF) exploits variations, such as statistical process variation in manufacture or operation, to generate secret keys used in cryptographic operations, chip authentication, and even random number generation. A device that supports a PUF yields different responses to different challenge inputs. Authentication of a device using a PUF is performed by supplying a challenge input to the device to which the response of an authentic device is known. The response is a result of a function that, by definition, is not clonable. For example, a PUF may result from process variations in the production of otherwise identical devices. As a result of the process variations, the otherwise identical devices may respond with a different series of bits in response to a set of challenge input bits. An expected response to each of one or more sets of challenge inputs is determined empirically for each of the devices by determining a response to each of the one or more sets of challenge bits. A particular device may authenticate itself by providing the expected response to the one or more sets of challenge bits recorded for that particular device. Common circuit choices to implement a PUF may include using a ring oscillator or a multiplexer arbiter scheme.
It is desirable that a PUF be both unpredictable and stable. If a PUF is predictable, a response to a challenge may be determined without querying the authentic device. Thus, a predictable PUF would enable authentication to be faked. If the PUF is unstable, the authentic device may not always generate the same response in reply to a challenge and, as a result, an authentic device may be unable to authenticate itself.